apache
3,096 tracked vulnerabilities.
CVE-2020-9495
MEDIUM
Apache Archiva < 2.2.5 - LDAP Injection via Login Form
Jun 19, 2020
CVSS 5.3
EPSS 0.08
CVE-2020-11969
CRITICAL
Apache TomEE 1.0.0-1.7.5, 7.0.0-M1-7.0.7, 7.1.0-7.1.2, 8.0.0-M1-8.0.1 - Unauthenticated JMX Access
Jun 15, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-11980
MEDIUM
Apache Karaf < 4.2.9 - Server-Side Request Forgery via MLet getMBeansFromURL
Jun 12, 2020
CVSS 6.3
EPSS 0.02
CVE-2020-11975
CRITICAL
NUCLEI
Apache Unomi < 1.5.1 and 1.5.2-1.5.3 - Remote Code Execution via OGNL Scripting
Jun 05, 2020
CVSS 9.8
EPSS 0.30
CVE-2020-1963
CRITICAL
Apache Ignite < 2.8.0 - Unauthenticated Arbitrary File Access via H2 SQL Functions
Jun 03, 2020
CVSS 9.1
EPSS 0.05
CVE-2020-1956
HIGH
KEVNUCLEI
Apache Kylin 2.3.0-2.6.5 and 3.0.1 - OS Command Injection via RESTful API
May 22, 2020
CVSS 8.8
EPSS 0.97
CVE-2020-9484
HIGH
NUCLEI
Apache Tomcat < 7.0.108 - Insecure Deserialization
May 20, 2020
CVSS 7.0
EPSS 0.57
CVE-2020-1955
CRITICAL
Apache CouchDB 3.0.0 - Missing Authentication for Critical Function via Misconfiguration
May 20, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-1960
MEDIUM
Apache Flink 1.1.0-1.10.0 - Man-in-the-Middle Attack via JMXRMI Registry Rebinding
May 14, 2020
CVSS 4.7
EPSS 0.01
CVE-2020-1941
MEDIUM
Oracle Flexcube Private Banking - Cross-Site Scripting
May 14, 2020
CVSS 6.1
EPSS 0.06
CVE-2020-11973
CRITICAL
Apache Camel 2.22.0-2.25.0 and 3.0.0-3.1.0 - Deserialization of Untrusted Data via Netty
May 14, 2020
CVSS 9.8
EPSS 0.07
CVE-2020-11972
CRITICAL
Apache Camel 2.22.0-2.25.0 and 3.0.0-3.1.0 - Deserialization of Untrusted Data via RabbitMQ Java Deserialization
May 14, 2020
CVSS 9.8
EPSS 0.06
CVE-2020-11971
HIGH
Apache Camel 2.22.0-3.1.0 - Rebind Flaw in JMX
May 14, 2020
CVSS 7.5
EPSS 0.14
CVE-2020-1945
MEDIUM
Apache Ant 1.1-1.9.14 and 1.10.0-1.10.7 - Information Disclosure and Arbitrary File Write via Temporary Directory
May 14, 2020
CVSS 6.3
EPSS 0.02
CVE-2020-1939
CRITICAL
Apache NuttX apps 6.15-8.2 - NULL Pointer Dereference in ftpd
May 12, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-1961
CRITICAL
Apache Syncope < 2.0.15 and < 2.1.6 - Server-Side Template Injection via Mail Templates
May 04, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-1959
CRITICAL
Apache Syncope < 2.1.6 - Unauthenticated Remote Code Execution via Java EL Expression Injection
May 04, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-9482
MEDIUM
Apache NiFi Registry 0.1.0-0.5.0 - Insufficient Session Expiration
Apr 28, 2020
CVSS 6.5
EPSS 0.03
CVE-2020-9481
HIGH
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.9, 8.0.0-8.0.6 - Resource Consumption via HTTP/2 Slow Read
Apr 27, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-1952
CRITICAL
Apache IoTDB 0.8.0-0.8.2 and 0.9.0-0.9.1 - Unauthenticated Remote Code Execution via JMX Port
Apr 27, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-9488
LOW
Apache Log4j 2.0-2.12.2, 2.13.0 - Improper Certificate Validation in SMTP Appender
Apr 27, 2020
CVSS 3.7
EPSS 0.08
CVE-2020-9489
MEDIUM
Apache Tika < 1.24.1 - Denial of Service via Crafted File in Multiple Parsers
Apr 27, 2020
CVSS 5.5
EPSS 0.03
CVE-2020-1964
CRITICAL
Apache Heron 0.20.0-incubating-0.20.2-incubating - Remote Code Execution via YAML Deserialization
Apr 16, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-1927
MEDIUM
Apache HTTP Server 2.4.0-2.4.41 - URL Redirection to Untrusted Site via Encoded Newlines
Apr 02, 2020
CVSS 6.1
EPSS 0.57
CVE-2020-1958
MEDIUM
Apache Druid 0.17.0 - Authentication Bypass and Information Disclosure via LDAP User Search
Apr 01, 2020
CVSS 6.5
EPSS 0.05
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters